FindLaw | Find a Lawyer. Find Answers.

1. The Benefits of Compliance Programs a  

Many companies and counsel have come to believe that they must formally adopt compliance programs to do business in this heavily-regulated world.1  According to government agencies and the other proponents of compliance plans, the process of instituting compliance programs provides many benefits.2  Foremost among the promised benefits are that companies which institute bona fide compliance plans can thwart potential whistleblowers from bringing ruinous suits under the False Claims Act.3  Another is that companies and their representatives can secure latitude from the courts (under the United States Sentencing Guidelines Manual ("USSG") and the Organizational Guidelines of the USSG4 ) if they are ever prosecuted and convicted.5  In fact, under the Organizational Guidelines, (which, since 1991, apply to most businesses federally prosecuted), the possible punishment range under which businesses can be sentenced may swing as much as ninety-five percent -- depending on whether they do all of the right things (such as having an effective compliance program in place prior to an investigation6  ) or do none of the right things.7  

2. Contravening Considerations

While being able to prevent or limit the potentially crippling punishment that can be imposed by the government for violating one of its many laws should make any business which operates in a regulated industry seriously consider adopting a compliance program, there are a host of contravening considerations worth reviewing which should make companies and counsel pause before blindly jumping on the compliance program bandwagon. Not surprisingly, however, these issues have yet to be adequately raised or discussed by the compliance pundits. For example, there is the question as to the availability of privileges.

3. Problems Facing Companies Attempting to Rely on the Attorney-Client or Other Privileges to Protect them from Dangers Uncovered by Compliance Programs

Because courts will require that several factors must be met before companies and individuals can be protected by the attorney-client privilege (or by other legally-recognized privileges8 ), in the context of compliance projects it may be next-to-impossible for potential defendants to successfully assert a legally-valid privilege -- notwithstanding the strong policy reasons for adopting such programs and for the government regulators and courts to want to protect those companies that attempt to do the right thing.

4. Problems under the Work-Product Doctrine

As a practical note, the work-product doctrine9  will likely be of little help to companies trying to avail themselves of the protections offered by compliance programs because the privileges which flow under this doctrine are not available until there is an actual threat of litigation.10  Companies can only take advantage of the work-product doctrine's protections when they are under investigation, charged or learn that they have been sued. Unfortunately, however, the Organizational Guidelines give very little credit to a company for adopting a compliance plan after a government investigation has begun. The one tangible benefit that a company can obtain in the criminal realm by adopting such a plan, when it becomes clear that there is an actual threat of litigation, is to avoid the otherwise mandatory imposition of probation under the Organizational Guidelines11  (and correspondingly, to avoid having a government agency impose its own, more onerous version of a compliance program, which is called a "Corporate Integrity Program").12  

5. Limited Recognition of the Self-Evaluative Privilege

Although, for policy reasons, it would appear that the government would support the laudable goal of assisting companies which try to instill a culture of corporate good citizenship by allowing them to have some protection while they go through the process of discovering whether there are internal problems which need to be resolved, the emerging Self-Evaluative Privilege13  (also known as the Self-Critical Analysis Privilege ) has only received limited acceptance by the courts.14  Moreover, even where it is recognized (primarily in the environmental context)15 , the assertion of this privilege will not be permitted to shield such evidence from government agencies when they are seeking it for possible enforcement actions.

6. What This Means: An Example Involving Health Care

Whenever a compliance plan project is launched, there is a real danger that a company's good faith efforts will boomerang to harm it. The following example illustrate this assertion. In the health care arena, where many of the "Compliance 'R Us" consultants now operate (some of whom, no doubt, previously lectured providers about how they could maximize their billing reimbursement through coding strategies), the Office of the Inspector General (OIG) for the Department of Health and Human Services (HHS), has released so-called "Guidances"16  which are geared toward compliance issues unique to various components of that industry. The OIG has recommended that companies wanting to adopt an effective compliance program should first obtain a "baseline" of information about their operations. This is to identify where the particular focus should be attempted when the companies cobble together their compliance programs. In practice, companies obtain such a baseline by hiring coding and billing experts (individuals trained in the nuances of Medicare and Medicaid billing and reimbursement policies) to retrospectively examine their billing and medical history records and provide a report to identify problem areas, such as whether the physicians are commonly billing for higher levels of reimbursement than one would expect from examining the average data of peers (i.e., they are outside the "bell shaped curve"), or if the billing practices are not adequately supported by the necessary documentation in the various patient files.

While this exercise makes perfect intellectual sense, there is, unfortunately, a very practical problem: unless such a report is protected from later discovery, it will likely be used as a veritable "roadmap" against a company in a later enforcement action by the government, or by private litigants, such as whistleblowers. Typically, the coding experts will find problems during this baseline audit. This is not necessarily a testament to the level of fraud in the industry, but is more likely a reflection of the needlessly arcane nature of Medicare, Medicaid and private insurance billing requirements. As Judge Ervin of the Fourth Circuit cogently noted, the Medicare and Medicaid laws are quite difficult, even for those who are legally trained to master them:

There can be no doubt but that the statutes and provisions in question, involving the financing of Medicare and Medicaid, are among the most completely impenetrable texts within human experience. Indeed, one approaches them at the level of specificity herein demanded with dread, for not only are they dense reading of the most tortuous kind, but Congress also revisits the area frequently, generously cutting and pruning in the process and making any solid grasp of the matters addressed merely a passing phase.It is thus with some sympathy that we read the Secretary's brief, which calls the court to defer to her expert judgment . . . .

Rehabilitation Association of Virginia, Inc. v. Kozlowski, 42 F.3d 1444, 1450 (4th Cir. 1994).

Even if the attorney-client privilege could otherwise be asserted to prevent outside parties from obtaining the report, courts do not recognize that privilege when it is asserted to attempt to protect information that concerns ongoing or future crimes.17  

7. Damned If You Do . . . and If You Don't

Recently, government prosecutors have begun voicing their belief that charges can be brought under the provisions of a particularly obscure Medicare statute18  which purportedly criminalizes the failure by a government-reimbursed health care provider to timely reveal information about known overpayments.19  (In particular, this statute makes it a felony for anyone who knows of any event affecting his benefits or payments under a federal healthcare program to conceal or fail to disclose the event with an intent to secure fraudulently the benefit or payment.)20  Because of how this statute is worded, it appears that such a "crime" would be a continuing violation until and unless the provider notifies the government after the problem is discovered.21  But, the very the act of notifying the government would appear to waive any later-asserted privileges.

Thus, the company that seeks to be a good corporate citizen, by instituting a compliance program and establishing a baseline of information, may unwittingly be increasing its chances of being successfully prosecuted or sued, and the method for avoiding prosecution arguably constitutes a waiver of any work-product or self-evaluative privilege.

8. Bringing the Pieces Together to Demonstrate the Dilemma

Returning to the issue of the limitations of the attorney-client privilege, and now putting the pieces together, if a billing expert hired by a company to analyze its records and develop a baseline from which a compliance program can be designed identifies "overpayments," but the company does not timely reveal them as contemplated under 42 U.S.C. § 1320a-7b(a)(3), because it believes that this information is protected under a privilege, then the company and its principals may be in for a rude awakening. If the government later learns about these events (perhaps because a disgruntled employee who worked in the company's billing department has filed a sealed qui tam suit under the federal False Claims Act hoping to recover fifteen to twenty-five percent of the overpayments), will the company be able to effectively assert the attorney-client privilege? In short, the answer is no. Will the company itself face criminal prosecution? Only your local federal prosecutor knows for sure.

Not only is the attorney-client privilege facially inapplicable because the conduct related to an "ongoing" or future crime, but the government can also attempt to pierce this privilege by asserting the separate crime-fraud exception.22  

9. Conclusion

This short article is not meant to prevent companies and individuals from adopting compliance programs, because they do provide many benefits. However, anyone who is seriously considering taking this step should only do so with the assistance of experienced counsel, who can present all of the considerations which should be evaluated for making an informed decision. Compliance plans are not for everyone. Some are better off without them. To paraphrase a statement recently made by the OIG in one of the recent Guidances, it is far worse for a company to adopt a hastily-constructed compliance program than to have no program at all.23  

---

 a.The authors gratefully acknowledge the assistance of Pragna Soni in the preparation of this article.
 1. See e.g., Benet L. Heart, The Environmental Audit Privilege: A Step in the Wrong Direction. 10 TOXICS L. REP. (BNA) 307 (Aug. 21, 1995), in which the author argues that "most of the country's large companies already perform environmental audits without the benefit of an environmental audit privilege." Id. at 306. The author also argues that those who do not perform voluntary audits, approximately 25% of the 1,800 manufacturing companies surveyed, are motivated by factors other than the fear of disclosure, such as limited resources or lack of information. Id.
 2. For example, in its policy statement on auditing, the Environmental Protection Agency "identifies the major incentives that EPA will provide to encourage self-policing, self-disclosure, and prompt self-correction." EPA Incentives for Self-Policing: Discovery, Disclosure, Correction and Prevention of Violations, 60 Fed. Reg. 66,706, 707 (1995). Some of these incentives "include not seeking gravity-based civil penalties or reducing them by 75%, declining to recommend criminal prosecution for regulated entities that self-police, and refraining from routine requests for audits." Id. But see Jean H. McCreary, EPAs' New Audit Policy May Be Small Comfort to Business, 11 ENVTL. COMPLIANCE & LITIG. 1, 3 (1995).
 3. 31 U.S.C. § 3729 et seq.
 4. USSG § 8A1.1 et seq.
 5. See, e.g., USSG §8C2.5 & 8A1.2 application note 3(k).
 6. For example, under USSG §8C2.5(f), an organization may receive a three level reduction in its culpability score if an effective compliance program was in place when the offense occurred.
 7. See USSG §§ 8C2.8.
 8. See John Calvin Conway, Note, Self-Evaluative Privilege and Corporate Compliance Audits, 68 S. CAL. L. REV. 621 (1995), for a discussion of privileges available to companies in the context of corporate compliance audits.

 9. The Work-Product doctrine, articulated by the Supreme Court in Hickman v. Taylor, 329 U.S. 495 (1947), provides that any notes, working papers, memoranda or similar materials prepared by an attorney in anticipation of litigation, are protected from discovery. See also Federal Rule of Civil Procedure 26(b)(3). In Hickman, the Supreme Court endorsed the general policy against invading the privacy of an attorney's course of preparation because that privacy is essential to an orderly working of the legal system. 329 U.S. at 512. Thus, one who seeks to invade that privacy bears the burden to establish adequate reasons to justify production of such materials through a subpoena or court order. Id. Generally, courts will provide absolute immunity from discovery of an attorney's subjective thoughts, such as mental impressions, legal theories, conclusions and opinions. Other documents, prepared by an attorney for litigation purposes, such as written statements of witnesses, receive only a qualified immunity from discovery which may be overcome if a party has a substantial need for the materials and equivalent materials are not available through other means.

 10. See, e.g., United States v. Adlman, 69 F.3d 1495, 1501 (2d Cir. 1995) (interpreting Federal Rule of Civil Procedure 26(b)(3)); In re Grand Jury Proceedings, 604 F.2d 798, 803 (3d Cir. 1979) (finding that protections of the work product doctrine do not apply unless the materials were prepared or obtained because of pending or anticipated litigation); and Taroli v. General Elec. Co., 114 F.R.D. 97, 99 (N.D. Ind. 1987) (refusing to apply the work product doctrine when it was not demonstrated that at the time the material was prepared, litigation was a distinct possibility), aff'd w/out opinion, 840 F.2d 920 (7th Cir. 1998).

 11. USSG §8A1.1 et seq.

 12. USSG §§ 8D1.1(a)(3), 8D1.4(c).

 13. While the definition may differ somewhat from state to state, or jurisdiction to jurisdiction, generally the Self-Evaluative Privilege (or Self-Critical Analysis Privilege) provides protection from discovery, in some cases, for any institutional analysis or evaluation which a company or organization has conducted to ascertain or improve its own compliance with laws, rules and regulations or professional standards. The policy behind the privilege is that requiring disclosure of documents which contain candid self-examinations and analysis will deter, suppress or chill, investigations and evaluations or compliance with laws or professional standards. The privilege was first recognized in Bredice v. Doctors Hosp. Inc., 50 F.R.D. 249 (D.C. 1970), aff'd w/o opinion, 479 F.2D 920 (D.C. Cir. 1973). In Berdice, the court protected minutes of a meeting (in which the hospital staff was asked for frank analysis of the hospital's procedures) because of the policy interest inherent in having hospitals evaluate the quality of care they provide. Id. For general information regarding how courts apply the privilege, see Note, The Privilege of Self-Critical Analysis, 96 HARV. L. REV. 1083 (1983).

 14. Although some courts have approved and adopted the privilege and the policy considerations which fuel it, others have declined to do so. See University of Pennsylvania v. EEOC, 493 U.S. 182.

 15. Certain federal courts have applied the "self-critical analysis privilege" to protect from discovery documents that might be characterized as "environmental audit" or "environmental self-evaluation" materials. See e.g. Reichold Chem. v. Textron, 157 F.R.D. 522, 525-27 (N.D. Fla. 1994) (applying the privilege under the court's Federal Rule of Evidence 501 common law power); Joiner v. Hercules, Inc., 169 F.R.D. 695 (S.D. Ga. 1996). But see, United States v. Dexter Corp., 132 F.R.D. 8, 9-10 (D. Conn. 1990) (failing to recognize privilege in an action brought by the government to enforce the Clean Water Act); State ex rel. Celebrezze v. CECOS, Int., Inc., 583 N.E.2d 1118, 1121 (Ohio Ct. App. 1990) (rejecting self-critical analysis privilege claim in an action by State of Ohio alleging violations of state hazardous waste laws); and CPC Int., Inc., v. Hartford Accident & Indem. Co., 620 A.2d 462 (N.J. Super. Ct. 1992) (rejecting privilege claim in private action by insured against its insurers for reimbursement of environmental cleanup costs).

 16. There are several such Guidances, including Guidances for Third Party Medical Billing Companies, for Home Health Agencies, for Clinical Laboratories, and for Hospitals. A comprehensive list of Guidances is available at the OIG website located at www.dhhs.gov/proorg/oig. 

 17. This concept is premised on the rules of professional responsibility. The rules of professional responsibility are adopted by each state and are normally adapted in whole or in part from the Model Rules of Professional Conduct promulgated by the American Bar Association. Although the Model Rules do not permit an attorney to reveal client confidences to prevent client fraud, many states have taken the opposite position and have determined that an attorney may reveal client confidences to prevent ongoing or anticipated client fraud without violating the attorney-client privilege. In those states, an attorney-client privilege will not insulate an attorney from being forced to divulge the confidences of a client who is engaging in criminal fraud or anticipates engaging in criminal fraud. See also Model Rules of Professional Conduct 1.2(d) (stating attorney shall not encourage or assist a client in conduct that attorney knows is fraudulent) and Rules 1.16 and 3.3 (providing that an attorney may not permit her client to perpetrate a fraud on the court).

 18. 42 U.S.C. § 1320a-7b(a)(3).

 19. Marc Garber, Non-Disclosure of Billing Errors May Be a Federal Crime, 2 [HEALTH CARE FRAUD & ABUSE NEWSLETTER] Feb. 1999.

 20. Id.

 21. Criminalizing the mere non-disclosure of information, without any affirmative act of concealment, is generally contrary to the federal criminal law tradition.

 22. The crime-fraud exception permits a court to pierce the attorney-client privilege (and force an attorney to reveal client confidences or documents containing such confidences) in cases where the client abuses the attorney-client relationship by using the attorney's legal services to further a crime or a fraud. See e.g., In re Sealed Case, 107 F.3d 46, 49, 51 (D.C. Cir. 1997). Generally, two conditions must be satisfied for the exception to apply: (1) the client must have made or received a privileged communication with the intent to further an unlawful or fraudulent act; and (2) the client must have carried out the crime or fraud. Id. at 49. There is no requirement for the government to show that the attorney involved was aware of the fraud. Conditions and standards for establishing a crime-fraud exception may vary from jurisdiction to jurisdiction. The crime-fraud exception is also available to pierce the work-product doctrine.

 23. See Draft OIG Compliance Program Guidance for Nursing Facilities, 64 Fed. Reg. 58,419-54,821. Also available at www.dhhs/gov/proorg/oig.

Ads by FindLaw